The present invention relates generally to distributed computer network systems, and more particularly, to a method and system for enforcing network security by preserving and utilizing execution information in a service entry stack.
A distributed computer network system typically comprises a large number of individual nodes, such as workstations, PCs, terminals, host computers, and data storage components, which are tied together across a network. The distributed network system may also comprise remotely located clients tied together to utilize common data storage components and to share the processing power of multiple nodes. The distributed computer network complicates the management of transactions because transactions or events happen at different locations, either independently of or dependently on one another. In view of the various operations happening in the distributed computer network, the management of the data transactions and their security is a critical element of the operation of the network.
In the distributed computer network system, various applications are somewhat related. For a particular process, one or more events may happen in the system, and they may be related. A particular triggering event happening in one application may affect the operation of others or trigger a new series of operations (and therefore more events) in other applications. For example, consider an application that maintains the current employee list in a company. If one employee leaves the company, the human resources personnel may want to delete the information about the departing employee from the employee list. Accordingly, this application performs its own internal logic for removing the departing employee from the list. After this change is made to the list, other applications may have to take various actions. For instance, the current application needs to notify applications operated by the security department to take away all of the departing employee's authorized access rights, including deactivating his badge; applications operated by the telephone department to block his extension and voice mail; and applications operated by the IT department to bounce his emails with a necessary notification message. As such, the inter-relation among various applications and events makes the distributed network system hard to manage, especially with respect to security.
One important issue is how one application needs to notify other related applications about an event of common concern, and how these applications could work together. In other words, synchronizing all the applications running on a distributed system and controlling the security measures in a systematic way is a practical challenge. It is known in the art that one way to solve this problem would be to have a central database storing information about which recipients ("subscribers") care about which notifications ("events") from which senders ("publishers"). In this central database, a subscriber specifies which events it cares about, or which publishers it cares about receiving an event from. On the other hand, a publisher wanting to announce an event to all interested parties can easily find all the subscribers in the database. The publisher can examine the subscriber list in the database and perform some filtering logic to decide which of the subscribers that asked to be notified should actually be notified of the event.
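As an added illustration, not code from the patent, the following sketches the central subscription database described above: each subscriber records the event names and/or publishers it cares about, and a publisher filters that list before notifying anyone. The application names (employee-list, security, telephone, it, payroll), the event name and the employee identifier are constructed sample values.

```python
"""Added example: a central subscriber/event/publisher registry with
publisher-side filtering, as described in the background section.
All application names, event names and identifiers are constructed."""
from dataclasses import dataclass, field


@dataclass
class Subscription:
    subscriber: str
    events: set = field(default_factory=set)      # event names of interest (empty = any)
    publishers: set = field(default_factory=set)  # publishers of interest (empty = any)


class SubscriptionRegistry:
    """Central database mapping subscribers to the events/publishers they care about."""

    def __init__(self):
        self._subs = []

    def subscribe(self, subscriber, events=(), publishers=()):
        self._subs.append(Subscription(subscriber, set(events), set(publishers)))

    def recipients(self, publisher, event):
        """Publisher-side filtering: notify a subscriber only if both the event
        name and the publisher match its stated interests (empty set = any)."""
        return sorted(
            s.subscriber for s in self._subs
            if (not s.events or event in s.events)
            and (not s.publishers or publisher in s.publishers)
        )


def publish(registry, publisher, event, payload):
    """Return the (recipient, event, payload) notifications a publisher would send."""
    return [(r, event, payload) for r in registry.recipients(publisher, event)]


def departure_example():
    # Constructed sample: the employee-list application announces a departure;
    # the security, telephone and IT applications have subscribed, payroll has not.
    reg = SubscriptionRegistry()
    reg.subscribe("security", events={"employee.departed"})
    reg.subscribe("telephone", events={"employee.departed"}, publishers={"employee-list"})
    reg.subscribe("it", publishers={"employee-list"})
    reg.subscribe("payroll", events={"employee.hired"})  # not interested in departures
    return publish(reg, "employee-list", "employee.departed", {"employee_id": "E-0042"})
```

Every recipient in the result is one that registered interest in this event or this publisher; applications that did not subscribe are never contacted.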
As is known, the events published in the distributed network may need to be secured for various reasons. Maintaining data integrity and security is, in general, a major aspect of today's computer networks. What is needed is an efficient method for enforcing network security in a distributed network with event-based processing systems.